<?php

$idtoget = $_POST["id"];
$battleidtoget = $_POST["battleid"];

$dbname = "tactickstest";
$connection = mysql_connect("tidesinreturn.gardenofmadness.org", "tacticksadmin",
                            "123abc") or die("Error connecting to SQL.");

$db = mysql_select_db($dbname, $connection);

$query = "select * from TOKENS where id = " . mysql_real_escape_string($idtoget) .
         " and battleid = " .  mysql_real_escape_string($battleidtoget);

$result = mysql_query($query, $connection) or die("Could not complete database query: " . mysql_error());
$num = mysql_num_rows($result);

echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n";
echo "<tokendata xmlns=\"http://www.gardenofmadness.org/\">\r\n";
if ($num != 0)
{
 $row = mysql_fetch_array($result);

 echo "<id>" . $row["id"] . "</id>\r\n";
 echo "<name>" . $row["name"] . "</name>\r\n";
 echo "<defpenalty>" . $row["defpenalty"] . "</defpenalty>\r\n";
 echo "<bigpic>" . $row["bigpicurl"] . "</bigpic>\r\n";
 echo "<littlepic>" . $row["littlepicurl"] . "</littlepic>\r\n";
}

echo "</tokendata>";

?>
